TP-LINK Omada Controller Software 3.2.6 eap-web-3.2.6.jar path traversal

EntryeditHistoryDiffjsonxmlCTI

A vulnerability classified as critical was found in TP-LINK Omada Controller Software 3.2.6. This vulnerability affects some unknown processing of the file /opt/tplink/EAPController/lib/eap-web-3.2.6.jar. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field05/05/2020 09:19 AM05/05/2020 09:24 AM
vendorTP-LINKTP-LINK
nameOmada Controller SoftwareOmada Controller Software
version3.2.63.2.6
file/opt/tplink/EAPController/lib/eap-web-3.2.6.jar/opt/tplink/EAPController/lib/eap-web-3.2.6.jar
risk22
cvss2_vuldb_basescore4.64.6
cvss2_vuldb_tempscore4.64.6
cvss2_vuldb_avLL
cvss2_vuldb_acLL
cvss2_vuldb_auNN
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss3_meta_basescore5.45.4
cvss3_meta_tempscore5.45.4
cvss3_vuldb_basescore5.35.3
cvss3_vuldb_tempscore5.35.3
cvss3_vuldb_avLL
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
date1588550400 (05/04/2020)1588550400 (05/04/2020)
price_0day$0-$5k$0-$5k
cveCVE-2020-12475CVE-2020-12475
cvss2_vuldb_eNDND
cvss2_vuldb_rlNDND
cvss2_vuldb_rcNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlXX
cvss3_vuldb_rcXX
cvss3_nvd_basescore5.55.5
cwe022 (directory traversal)
cvss2_nvd_avL
cvss2_nvd_acL
cvss2_nvd_auN
cvss2_nvd_ciP
cvss2_nvd_iiN
cvss2_nvd_aiN
cvss3_nvd_avL
cvss3_nvd_acL
cvss3_nvd_prL
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iN
cvss3_nvd_aN
cve_assigned1588118400
cve_nvd_summaryTP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-web-3.2.6.jar.

Do you want to use VulDB in your project?

Use the official API to access entries easily!